Educause Security Discussion mailing list archives
Re: Follow up to password vs pass-phrase discussion
From: "Davis, Thomas R" <tdavis () IU EDU>
Date: Wed, 28 Apr 2010 07:32:24 -0400
Kamnab, We use passphrases exclusively: http://kb.iu.edu/data/acpu.html -- Tom Davis, CISSP, CISM Chief Security Officer Public Safety and Institutional Assurance Indiana University https://informationsecurity.iu.edu/Tom_Davis On Apr 27, 2010, at 3:22 PM, Kamnab Keo/FS/VCU wrote:
Does anyone advocate the use of pass-phrases vs passwords and allowing users the ability to use pass-phrases if they want to? For example, do you allow your users to use pass-phrases that consist of 15 characters or more with no complexity requirements but passwords with 7 to 14 characters must have some type of complexity (uppercase, number, special character)? Also does anyone have separate password policies for users that access sensitive systems? If so, what types of password policies are used? Thanks, Kamnab Keo IT Risk Management Analyst Virginia Commonwealth University VCU Information Security - http://infosecurity.vcu.edu/ Information Security News, Tips & More - http://www.twitter.com/vcuinfosec Information Security Best Practices - http://infosecurity.vcu.edu/docs/information-security-best-practices.pdf Don't be a phishing victim - VCU and other reputable organizations will never use email to request that you reply with your password, Social Security number or confidential personal information. For more details visit http://infosecurity.vcu.edu/phishing.
Current thread:
- Follow up to password vs pass-phrase discussion Kamnab Keo/FS/VCU (Apr 27)
- <Possible follow-ups>
- Re: Follow up to password vs pass-phrase discussion Sheri J Thompson (Apr 27)
- Re: Follow up to password vs pass-phrase discussion Roger Safian (Apr 27)
- Re: Follow up to password vs pass-phrase discussion Bill Badertscher (Apr 27)
- Re: Follow up to password vs pass-phrase discussion Davis, Thomas R (Apr 28)
- Re: Follow up to password vs pass-phrase discussion Kamnab Keo/FS/VCU (Apr 28)